package com.liip.app.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * security配置类（优先于yml文件配置，功能等同于yml文件配置）
 * @Auther: LuoLin
 * @Date: 2020-11-03 8:06 PM
 * @Description:
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{
	
	@Bean
    PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();//不加密
    }
	
	@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("javaboy")
                .password("123")
                .roles("admin")
                .and()
                .withUser("user")
                .password("1234")
                .roles("user");
    }
	
	/**
	 * 	自定义表单登录页实现方法
	 */
	@Override
	public void configure(WebSecurity web) throws Exception {
	    web.ignoring().antMatchers("/js/**", "/css/**","/images/**");
	}
	@Override
	protected void configure(HttpSecurity http) throws Exception {
	    http.authorizeRequests()
	            .anyRequest().authenticated()
	            .and()
	            .formLogin()
	            .loginPage("/login.html")
	            .permitAll()
	            .and()
	            .csrf().disable();
	}
}
